
Fake Windows Security Center

I want to get rid of this fake Windows Security Center that wants me to install Ultimate Fixer, System Defender, and syscleaner. I've seen some others with this problem, but there doesn't seem to be a generic solution that I can easily follow, so I was hoping to get some specific help. Here's my Hijack This log:

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial. It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings, Thunder

Whatever happens, make believe it was intended to ...
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
Stand Up & Be Counted, and make a difference

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

http://www.bleepingcomputer.com/forums/t/144816/fake-windows-security-center/

Collect::[9]
C:\WINDOWS\system32\rxjvpfky.dll

Folder::
C:\VundoFix Backups

Driver::
fc0737f3

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rxjvpfky]

Save this as a txt file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box, --do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file [9]-Submit_Date_Time.zip.

Are you still having problems?

Greetings, Thunder

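The script above removes a subkey under Winlogon\Notify together with the DLL it loaded. As an added example (not part of the original thread and not code from ComboFix or HijackThis), this Python sketch audits the text output of `reg query` on that key against a baseline of notification packages. The baseline list, the sample text, the DllName values and the function names are assumptions made for illustration.

```python
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumed baseline of stock Windows XP notification packages (subkey -> DllName).
# Adjust it for the build and drivers of the machine being audited.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll", "sclgntfy": "sclgntfy.dll",
    "sccertprop": "wlnotify.dll", "schedule": "wlnotify.dll",
    "senslogn": "wlnotify.dll", "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll",
}
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_notify(text):
    """Map each Notify subkey name to the data of its DllName value."""
    packages, current = {}, None
    prefix = NOTIFY.lower() + "\\"
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith(prefix):   # key header line
            current = stripped[len(prefix):]
            packages[current] = None
            continue
        m = VALUE_RE.match(line)                  # indented value line
        if m and current and m.group(1).lower() == "dllname":
            packages[current] = m.group(3).strip()
    return packages

def audit_notify(text, baseline=BASELINE):
    """Return (subkey, dll) pairs that do not match the baseline exactly."""
    findings = []
    for name, dll in sorted(parse_notify(text).items()):
        # Stock entries use bare file names, so a path-qualified DLL is flagged too.
        if baseline.get(name.lower()) != (dll or "").lower():
            findings.append((name, dll))
    return findings

# Constructed sample in `reg query /s` layout; values are illustrative only.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    DLLName    REG_EXPAND_SZ    crypt32.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rxjvpfky
    DllName    REG_SZ    rxjvpfky.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    DLLName    REG_SZ    C:\Temp\wlnotify.dll
"""
```

Calling `audit_notify(SAMPLE)` reports the randomly named package and the stock subkey whose DLL has been redirected, while the unmodified entry passes.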

My computer rebooted before CF had a chance to reboot it, so the message box with the zip file never happened, but the fake security center is gone, you are awesome. It all came down to that stupid DLL file huh? Anyway here are my logs from Hijackthis and CF.

Yes, in this case it came down to a single file and some leftovers. Problem is, you never know for sure without a proper diagnostic log.

You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field:
ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Greetings, Thunder


Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
